System IP: 192.168.124.66

## 1- Overview

## 2- Port Enumeration

### 2.1-Service Enumeration

**Using autoNmap for scanning:**

```
rustscan -a 192.168.124.66 -u 5000 -- -A
```

**The nmap results are as follows:**

```
Open 192.168.124.66:22
Open 192.168.124.66:80
Open 192.168.124.66:139
Open 192.168.124.66:445
```

### 2.2-Web Server Enumeration

Web info:

```
http://192.168.124.66/robots.txt -> http://192.168.124.66/tiki
```

![[Pasted image 20220328221613.png]]

We can see that the website is a Tiki Wiki.

### Port 445

```
smbmap -H 192.168.124.66 -u "" -p ""
```

![[Pasted image 20220328222443.png]]

```
smbclient //192.168.124.66/notes -U "" -N
get Mail.txt
```

![[Pasted image 20220328222519.png]]

The password is 51lky571k1

```
# find users on the machine
enum4linux 192.168.124.66 -o -i
```

```
silky : 51lky571k1
```

![[Pasted image 20220328223248.png]]

![[Pasted image 20220328223413.png]]

Writeup of CVE-2020-15906 - GitHub: https://github.com/S1lkys/CVE-2020-15906.git

![[Pasted image 20220328223923.png]]

![[Pasted image 20220328224516.png]]

## 3-Establish a foothold

![[Pasted image 20220328225130.png]]

```
silky : Agy8Y7SPJNXQzqA -> ssh cred
```

![[Pasted image 20220328225327.png]]

## 4- Privilege Escalation

![[Pasted image 20220328225425.png]]